Identify which roles are overly permissive.
[
  {
    "name": "EC2-Admin-Role",
    "permissions": [
      "*"
    ],
    "description": "Full admin \u2014 overly permissive"
  },
  {
    "name": "LambdaExecutionRole",
    "permissions": [
      "s3:*",
      "dynamodb:*",
      "logs:*"
    ],
    "description": "Too broad for Lambda"
  },
  {
    "name": "ReadOnlyRole",
    "permissions": [
      "s3:GetObject",
      "ec2:Describe*"
    ],
    "description": "Correct \u2014 least privilege"
  }
]
Two of the three roles are overly permissive. EC2-Admin-Role is the worst: its permissions list is ["*"], the bare wildcard, which matches every action in every AWS service. A compromised instance with this role means full AWS account takeover, since anything the attacker can do from the instance metadata credentials is unrestricted. LambdaExecutionRole is also too broad: "s3:*", "dynamodb:*" and "logs:*" are service-level wildcards that include destructive actions such as deleting buckets and tables, when a function normally needs a handful of specific read and write calls. ReadOnlyRole ("s3:GetObject", "ec2:Describe*") is the only one that follows least privilege; "ec2:Describe*" is a wildcard too, but it only expands to read-only metadata calls. Note that this list shows actions only; in a real IAM policy the Resource element matters as much, and even s3:GetObject scoped to Resource "*" can read every object in the account.
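The check above can be automated. The following is an added example, not part of the original exercise: it parses the role list, classifies each action string as a full wildcard, a service wildcard, a prefix wildcard or a plain action, and flags any role that grants a wildcard beyond read-only metadata calls. The sample input is the three roles from the exercise, embedded inline; the READ_PREFIXES heuristic and the severity scale are assumptions made for this example, not AWS definitions.

```python
import json

# Constructed sample input: the three roles from the exercise above.
ROLES_JSON = """
[
  {"name": "EC2-Admin-Role", "permissions": ["*"],
   "description": "Full admin"},
  {"name": "LambdaExecutionRole", "permissions": ["s3:*", "dynamodb:*", "logs:*"],
   "description": "Too broad for Lambda"},
  {"name": "ReadOnlyRole", "permissions": ["s3:GetObject", "ec2:Describe*"],
   "description": "Least privilege"}
]
"""

# Assumption for this example: an action whose name starts with one of these
# prefixes is treated as read-only. A wildcard such as "ec2:Describe*" then
# counts as a read-only wildcard rather than an over-grant.
READ_PREFIXES = ("Get", "List", "Describe", "Head")

# Assumed severity scale: 3 = account takeover, 2 = overly permissive,
# 1 = specific write, 0 = read-only.
SEVERITY = {
    "full-wildcard": 3,
    "service-wildcard": 2,
    "write-prefix-wildcard": 2,
    "write": 1,
    "read-prefix-wildcard": 0,
    "read": 0,
}


def classify_action(action: str) -> str:
    """Classify a single IAM action string such as "s3:*" or "ec2:Describe*"."""
    if action == "*":
        return "full-wildcard"
    if ":" not in action:
        raise ValueError(f"malformed IAM action: {action!r}")
    _service, name = action.split(":", 1)
    if name == "*":
        return "service-wildcard"
    is_read = name.startswith(READ_PREFIXES)
    if "*" in name:
        return "read-prefix-wildcard" if is_read else "write-prefix-wildcard"
    return "read" if is_read else "write"


def audit_roles(roles_json: str) -> dict:
    """Return {role name: finding} where finding records the worst severity seen
    and the actions (with their classification) that are at severity 2 or above."""
    findings = {}
    for role in json.loads(roles_json):
        worst = 0
        offenders = []
        for action in role["permissions"]:
            kind = classify_action(action)
            sev = SEVERITY[kind]
            if sev >= 2:
                offenders.append((action, kind))
            worst = max(worst, sev)
        findings[role["name"]] = {
            "overly_permissive": worst >= 2,
            "worst_severity": worst,
            "offenders": offenders,
        }
    return findings


def overly_permissive_roles(roles_json: str) -> list:
    """Names of roles flagged as overly permissive, sorted for stable output."""
    return sorted(
        name for name, f in audit_roles(roles_json).items() if f["overly_permissive"]
    )


if __name__ == "__main__":
    for name, finding in audit_roles(ROLES_JSON).items():
        verdict = "OVERLY PERMISSIVE" if finding["overly_permissive"] else "ok"
        print(f"{name}: {verdict} (severity {finding['worst_severity']})")
        for action, kind in finding["offenders"]:
            print(f"    {action} -> {kind}")
```

Running it flags EC2-Admin-Role (full wildcard, severity 3) and LambdaExecutionRole (three service wildcards, severity 2) and passes ReadOnlyRole. The read-prefix heuristic is deliberately simple: some "Get" actions, for example secretsmanager:GetSecretValue, return secrets rather than metadata, so a production checker should carry an explicit list of sensitive read actions and, as noted above, also examine the Resource element that this exercise's data does not include.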